Forum Discussion
Abed_AL-R
Jun 27, 2022Cirrostratus
If anyone still intersted
This F5 TAC answer:
'X-Forwarded-For' can have two different IPs (to be fair, it can have any value, there are no restrictions):
This is an example where there are two IPs:
Jun 27 15:08:57 BigIP info tmm2[15377]: Rule /partition1/iRule_1 <HTTP_REQUEST>: Bad IP address format for IP: 77.124.162.82, 66.249.81.254
And this is an example of try to use log 4j: (i deleted the log4j command because the forum security settings won't let me)
Jun 27 15:10:34 slot2 info tmm6[4764]: Rule /partition1/iRule1 <HTTP_REQUEST>: Bad IP address format for IP: ...xforwardedfor.caspq8k5fu0ihqo00010b8g4moc5isrqx.oast.pro}, 95.181.161.126
We catched those values after we added those lines to the iRule:
if { [catch { whereis [IP::addr $client_ip mask "255.255.255.255"] country } errText] } {
log local0. "Bad IP address format for IP: $client_ip"
drop
Good Luck